strongswan: Update to version 6.0.4
Commit Message
- Update from version 6.0.3 to 6.0.4
- No change to the rootfile
- Changelog
6.0.4
Vulnerabilities
Fixed a vulnerability in the NetworkManager plugin that potentially allows
using credentials of other local users. This vulnerability has been
registered as CVE-2025-9615. Please refer to our blog for details.
Enhancements and Optimizations
Concurrent requests to fetch the same CRL URI by multiple threads are now
combined by the revocation plugin (#2918). Only the first thread
actually fetches it, the others wait for that result. This is
particularly helpful if the CRL can currently not be fetched due to DNS
or HTTP/LDAP timeouts as it avoids that each thread has to wait
individually, reducing the number of SAs that can concurrently be
established as threads are blocked longer. A negative result is cached
for a while (currently 30 seconds) so requests can fail quickly and
threads can continue establishing SAs if they use a relaxed revocation
policy.
The maximum supported length for section names in swanctl.conf has been
increased to the upper limit of 256 characters that's enforced by VICI
(#2936).
Fixes
Prevent a crash if a confused peer rekeys a Child SA twice before sending a
delete (#2945).
Fixed a memory leak if a peer's self-signed certificate is untrusted (#2954).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/strongswan | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -24,7 +24,7 @@
include Config
-VER = 6.0.3
+VER = 6.0.4
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 355dff5de259e545b1bb5e24853dc91148c3d400b1977a2de35271e019dfc236c838ccac4552974a4999e2768900150c432753fc0d422444d4cc34486566e192
+$(DL_FILE)_BLAKE2 = 2291900bda3e679cb68f35e44fe20011d82b44e7a9ed3fd0ae7c40ed57154c5ecded1ab5bffc9ab30c93de667ef9b103a7da1a2b31d8e2eae97b268f0be11f01
install : $(TARGET)